crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL

codebytere · codebytere · commit a2f1d5269356 · 2025-05-19T14:59:25.000+02:00
diff --git a/src/node_constants.cc b/src/node_constants.cc
@@ -817,6 +817,13 @@ void DefineCryptoConstants(Local<Object> target) {
     NODE_DEFINE_CONSTANT(target, OPENSSL_VERSION_NUMBER);
 #endif
 
+#ifdef OPENSSL_IS_BORINGSSL
+#undef OPENSSL_IS_BORINGSSL
+#define OPENSSL_IS_BORINGSSL 1
+    NODE_DEFINE_CONSTANT(target, OPENSSL_IS_BORINGSSL);
+#undef OPENSSL_IS_BORINGSSL
+#endif
+
 #ifdef SSL_OP_ALL
     NODE_DEFINE_CONSTANT(target, SSL_OP_ALL);
 #endif
diff --git a/test/parallel/test-crypto-getcipherinfo.js b/test/parallel/test-crypto-getcipherinfo.js
@@ -62,9 +62,13 @@ assert(getCipherInfo('aes-128-cbc', { ivLength: 16 }));
 
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 1 }));
 assert(!getCipherInfo('aes-128-ccm', { ivLength: 14 }));
-for (let n = 7; n <= 13; n++)
-  assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+if (!crypto.constants.OPENSSL_IS_BORINGSSL) {
+  for (let n = 7; n <= 13; n++)
+    assert(getCipherInfo('aes-128-ccm', { ivLength: n }));
+}
 
 assert(!getCipherInfo('aes-128-ocb', { ivLength: 16 }));
-for (let n = 1; n < 16; n++)
-  assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+if (!crypto.constants.OPENSSL_IS_BORINGSSL) {
+  for (let n = 1; n < 16; n++)
+    assert(getCipherInfo('aes-128-ocb', { ivLength: n }));
+}
diff --git a/test/parallel/test-crypto-hkdf.js b/test/parallel/test-crypto-hkdf.js
@@ -125,7 +125,7 @@ const algorithms = [
   ['sha256', '', 'salt', '', 10],
   ['sha512', 'secret', 'salt', '', 15],
 ];
-if (!hasOpenSSL3)
+if (!hasOpenSSL3 && !crypto.constants.OPENSSL_IS_BORINGSSL)
   algorithms.push(['whirlpool', 'secret', '', 'info', 20]);
 
 algorithms.forEach(([ hash, secret, salt, info, length ]) => {
diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
@@ -11,6 +11,7 @@ const { hasOpenSSL } = require('../common/crypto');
 const assert = require('assert');
 const tls = require('tls');
 const fixtures = require('../common/fixtures');
+const { constants } = require('crypto');
 
 const clientConfigs = [
   {
@@ -29,11 +30,14 @@ const clientConfigs = [
 
 const serverConfig = {
   secureProtocol: 'TLS_method',
-  ciphers: 'RSA@SECLEVEL=0',
   key: fixtures.readKey('agent2-key.pem'),
   cert: fixtures.readKey('agent2-cert.pem')
 };
 
+if (!constants.OPENSSL_IS_BORINGSSL) {
+  serverConfig.ciphers = 'RSA@SECLEVEL=0';
+}
+
 const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.length))
 .listen(0, common.localhostIPv4, function() {
   let connected = 0;
diff --git a/test/parallel/test-tls-write-error.js b/test/parallel/test-tls-write-error.js
@@ -6,6 +6,7 @@ if (!common.hasCrypto)
 const { TestTLSSocket, ccs } = require('../common/tls');
 const fixtures = require('../common/fixtures');
 const https = require('https');
+const { constants } = require('node:crypto');
 
 // Regression test for an use-after-free bug in the TLS implementation that
 // would occur when `SSL_write()` failed.
@@ -17,9 +18,12 @@ const server_cert = fixtures.readKey('agent1-cert.pem');
 const opts = {
   key: server_key,
   cert: server_cert,
-  ciphers: 'ALL@SECLEVEL=0'
 };
 
+if (!constants.OPENSSL_IS_BORINGSSL) {
+  opts.ciphers = 'ALL@SECLEVEL=0';
+}
+
 const server = https.createServer(opts, (req, res) => {
   res.write('hello');
 }).listen(0, common.mustCall(() => {
